Set Up Federations Using ScienceMesh

Introduction

This document guides you through setting up a federation between users of Infinite Scale instances using the ScienceMesh framework, which includes the Open Cloud Mesh (OCM) technology. See the ScienceMesh link for more framework details.

To set up a federation using ScienceMesh, only a few steps are necessary:

  • Set up a trust relationship between the instances involved.

  • Set up the federation between users using generated tokens.

  • Share resources between users of the federation.

One Time Setup

The following steps need to be done only once per instance involved to set up a trust relationship. They require sysadmins who have access to the Infinite Scale configuration files.

For security reasons and data protection, invitations are limited to trusted instances only.

Set Up a Trust Relationship

In the example below, a trust relationship is set up between the ocis.owncloud.test and host.docker.internal instances.

The following needs sysadmin privileges on both federation parties.

To prepare the Infinite Scale instances involved for federation, a trust relationship must be set up. To do so, an ocmproviders.json file needs to be created according to the description in Trust Between Instances.

When the file has been properly set up, OpenCloudMesh needs to be enabled via an environment variable. See Enable OCM for more details.

Finally, depending on the deployment, either all federation instances or each ocm service needs to be restarted for the changes to take effect.

Set Up a Federation Between Users

Before sharing resources, a sharer must first invite a partner to join a federation. This only needs to be done once per inviter/acceptor pair. This pair is now called a federation. After the federation has been set up, shares can be created in both directions.

The following can be carried out by any user of the trusted instances. When demo users have been set up, which should not be present in production, one federation partner must be a user that has been created manually.

Generate an invite token by the inviter

In our example, user vlad from the ocis.owncloud.test instance generates the invite token.

  • Select the ScienceMesh app, the selector can be opened by the square icon on the top left:

    Select the ScienceMesh App

  • The Invitations screen opens:

    Invitations Screen

  • In Invite users, click Generate new invitation and the following window appears. Optionally, enter a description and the email address of the partner user for the federation you want to create, then click Generate. If an email address is entered, a preformed URL with the token is sent to the sharee for ease of accepting. Note that you cannot edit a generated token. You must either recreate it or send it manually.

    Generate new invitation

  • Back in Invite users, the generated token shows up. The remaining time to accept the invite before expiring is also shown.

    Show Generated Token

Accept the invite token by the federation partner

In our example, user ludmilla from the host.docker.internal instance is the federation partner and will accept the invite token.

If the federation partner received an email to accept the invite, click the link provided in the email to open the Invitations screen with prefilled data in the Accept invitations window.

  • Select the ScienceMesh app, the selector can be opened by the square icon on the top left:

    Select the ScienceMesh App

  • The Invitations screen opens:

    Invitations Screen

  • In Accept invitations, if not prefilled via the email link, enter the token and select the institution of the user who sent the invite from the dropdown field. Token and institution must match to be accepted. Click Accept invitation when done:

    Invitation Data

  • In the Federated connections window, the newly set up federation is now shown and ready for sharing resources between the federation partners. The same information is also shown on the inviter's side of the federation:

    Acceptor:

    Federated Connections Sharee

    Inviter:

    Federated Connections Sharer

Share Resources

After the federation has been set up, federated users can share resources. Note that a user must have accepted the invitation to be selectable in the sharing dialogue.

  • In Files App > Inside a Space > File or Folder > Sharing Icon, switch to external and start typing the user name. When found, select it:

    Search Federation User

    As a rule of thumb:

    • You cannot share your personal space.

    • You cannot share a project space.

    • You should not share files from your personal space for security reasons.

    • Only share files and folders inside project spaces.

  • If you have more federations, you can add more users. With the three vertical dots, you can select additional options. When done, click Share:

    Select More Users

  • In Files App > Shares, you can see all shares that are Shared with me or Shared with others:

    Sharing Overview